Girish Ramakrishnan
36aa641cb9
migrate to "export default"
...
also, set no-use-before-define in linter
2026-02-14 15:43:24 +01:00
Girish Ramakrishnan
96dc79cfe6
Migrate codebase from CommonJS to ES Modules
...
- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
(dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing
Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-14 15:11:45 +01:00
Girish Ramakrishnan
12e073e8cf
use node: prefix for requires
...
mostly because code is being autogenerated by all the AI stuff using
this prefix. it's also used in the stack trace.
2025-08-14 12:55:35 +05:30
Girish Ramakrishnan
59aaabecc7
backups: the get route was accidentally removed
2025-07-25 11:56:31 +02:00
Girish Ramakrishnan
622aecfd6d
users: add unset route for avatar
...
also add missing tests for avatar and profile locking
2025-07-15 10:06:26 +02:00
Girish Ramakrishnan
04de621e37
Fix crash in req.query handling
...
https://expressjs.com/en/5x/api.html#req.query
"As req.query’s shape is based on user-controlled input, all properties and values in this object
are untrusted and should be validated before trusting"
In essence, req.query.xx can be an array OR an array of strings.
2025-07-13 13:21:38 +02:00
Girish Ramakrishnan
22e23e1e65
auth: add logs when auth fails or succeeds
2025-07-11 18:14:27 +02:00
Girish Ramakrishnan
bba48f455e
use @connect-lastmile
2025-07-10 11:00:31 +02:00
Johannes Zellner
713f1239c6
Allow admins to set users avatars
2025-06-30 22:44:59 +02:00
Johannes Zellner
2e4bc5e218
Start using req.resources = { app, volume, ...} pattern
...
Reason was that req.app was clashing with expressjs v5 which
stores the main expressjs app object there
2025-06-10 11:02:43 +02:00
Girish Ramakrishnan
dd5e4adc73
replace underscore with our own
...
we only need like 5 simple functions
2025-02-13 14:14:34 +01:00
Girish Ramakrishnan
3b9d617e37
groups: add events to eventlog
2024-12-04 11:30:30 +01:00
Girish Ramakrishnan
b4e7e394c3
split routes and model code into user-directory.js
2024-06-12 10:49:01 +02:00
Girish Ramakrishnan
9054f30aef
lint
2024-05-25 13:42:44 +02:00
Girish Ramakrishnan
6086b0e797
typo
2024-04-05 12:11:43 +02:00
Girish Ramakrishnan
2760e25c0f
users: validate groupIds items
2024-04-05 11:59:16 +02:00
Girish Ramakrishnan
18a680a85b
groups: only the local groups of a user can be set
2024-02-28 15:56:03 +01:00
Girish Ramakrishnan
d7dda61775
profile: unify password verification check
2024-01-22 14:03:23 +01:00
Girish Ramakrishnan
13b9bed48b
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
c99c24b3bd
users: cannot update profile fields of external user
2024-01-20 11:23:35 +01:00
Girish Ramakrishnan
8bdcdd7810
groups: members cannot be set for external groups
2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
2ca94f3159
user: remove make local feature
...
we discussed a bit on what this does and it's confusing as it stands:
* Use case of this is lost in the realms of time
* Possible guess by is that it was to move users of different Cloudron to a central cloudron
* Currently, the design is a bit flawed because the make user local button doesn’t pin the user. The state is lost in next synchronization.
* Maybe, one should use export/import user for this use case
* Let’s disable this button for now, feature is not complete.
2024-01-13 11:02:25 +01:00
Girish Ramakrishnan
053f81a53e
externalldap: add tests
2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
d12e6ee2b3
settings: make user_directory setting route
2023-08-03 08:29:12 +05:30
Girish Ramakrishnan
53e9eccf72
unify totp check
...
the totp check is done in several places causing errors like 3552232e99
* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)
The code also makes externalldap auto-create work now across all the cases where there is a username
2023-03-12 16:01:12 +01:00
Girish Ramakrishnan
5b075e3918
transfer ownership is not used anymore
2022-05-26 14:30:32 -07:00
Johannes Zellner
4c3b81d29c
Add make user local tests and fixup route
2022-04-24 22:49:12 +02:00
Johannes Zellner
032218c0fd
Add route to make user local
2022-04-24 22:22:25 +02:00
Johannes Zellner
71dac64c4c
Only allow impersonation for equal or less powerful roles
2022-02-28 20:42:33 +01:00
Girish Ramakrishnan
26a8738b21
make user listing return non-private fields
...
this was from a time when normal users could install apps
2022-02-16 21:22:38 -08:00
Johannes Zellner
d5481342ed
Add ability to filter users by state
2022-02-07 17:18:13 +01:00
Girish Ramakrishnan
4513b6de70
add a way for admins to set username when profiles are locked
2022-01-12 16:21:00 -08:00
Johannes Zellner
4356d673bc
Fix wrong assert and minor typos
2021-10-27 22:31:54 +02:00
Johannes Zellner
475795a107
Invite is now also separate
2021-10-27 19:58:06 +02:00
Johannes Zellner
9a80049d36
Add two distinct password reset routes
2021-10-27 19:12:18 +02:00
Johannes Zellner
daf212468f
fallbackEmail is now independent from email
2021-10-26 22:50:02 +02:00
Girish Ramakrishnan
445c83c8b9
make auditsource a class
...
this allows us to use AuditSource for the class and auditSource for
the instances!
2021-09-30 10:13:36 -07:00
Girish Ramakrishnan
0cfc3e03bb
Use concrete resource name instead of generic "resource"
2021-09-20 22:42:34 -07:00
Johannes Zellner
2ea5786fcc
Fix setGhost api usage
2021-09-17 15:52:52 +02:00
Johannes Zellner
f75b0ebff9
Add set ghost route
2021-09-17 12:52:41 +02:00
Johannes Zellner
6785253377
Invitation is now also just a single route like password reset
2021-09-16 15:03:48 +02:00
Johannes Zellner
ecd35bd08d
Fixup 2fa reset route
2021-09-16 13:18:22 +02:00
Johannes Zellner
d3d22f0878
Directly use users.verify() instead of another db lookup
2021-09-09 22:50:35 +02:00
Girish Ramakrishnan
7ba3203625
users: getAll -> list
2021-08-20 11:31:10 -07:00
Girish Ramakrishnan
79997d5529
users.add and users.createOwner only returns id now
2021-08-10 13:50:52 -07:00
Girish Ramakrishnan
a1c61facdc
merge userdb.js into users.js
2021-07-16 22:33:22 -07:00
Girish Ramakrishnan
ea430b255b
make the tests work
2021-06-29 11:01:46 -07:00
Girish Ramakrishnan
31498afe39
async'ify the groups code
2021-06-29 09:08:45 -07:00
Girish Ramakrishnan
e7d9af5aed
users: asyncify and merge userdb.del
2021-06-26 10:13:21 -07:00
Girish Ramakrishnan
b8ea9de439
move profile icons into the database
2021-04-29 13:57:24 -07:00